diff --git a/CHANGELOG.md b/CHANGELOG.md index d49938cb..1ef8760b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ### Not released yet +DIST: + +* go: Build with Golang 1.17.3. +* tools: Update `golangci-lint` to `v1.43.0`. [#76](https://github.com/elastic/harp/pull/76) + ## 0.2.0 ### 2021-10-26 @@ -17,7 +22,7 @@ DIST: CHANGES: -* core/vault: Replace json encoded metadata in secret data by a JSON object. [#68](https://github.com/elastic/harp/pull/68) +* core/vault: Replace JSON encoded metadata in secret data by a JSON object. [#68](https://github.com/elastic/harp/pull/68) * crypto/pem: Delegate PEM encoding/decoding to `go.step.sm/crypto` [#73](https://github.com/elastic/harp/pull/73) FEATURES: @@ -27,7 +32,7 @@ FEATURES: * from/vault: Support legacy bundle metadata format. [#69](https://github.com/elastic/harp/pull/69) * template/engine: `jsonEscape` / `jsonUnescape` is added to handle string escaping using JSON character escaping strategy [#70](https://github.com/elastic/harp/pull/70) * template/engine: `unquote` is added to unquote a `quote` escaped string. [#70](https://github.com/elastic/harp/pull/70) -* bundle/prefixer: Globally add a prefix to all secret package. [#74](https://github.com/elastic/harp/pull/74) +* bundle/prefixer: Globally add a prefix to all secret packages. [#74](https://github.com/elastic/harp/pull/74) * plugin/kv: Promote harp-kv as builtin. [#75](https://github.com/elastic/harp/pull/75) ## 0.1.24 diff --git a/README.md b/README.md index e607faf7..8f3676e5 100644 --- a/README.md +++ b/README.md @@ -200,7 +200,7 @@ Download a [release](https://github.com/elastic/harp/releases) or build from sou ```sh $ go version -go version go1.17.2 linux/amd64 +go version go1.17.3 linux/amd64 ``` > Simple go version manager - diff --git a/build/mage/docker/build.go b/build/mage/docker/build.go index 959cde75..66cfbd8a 100644 --- a/build/mage/docker/build.go +++ b/build/mage/docker/build.go @@ -126,7 +126,7 @@ func Build(cmd *artifact.Command) func() error { } // Prepare command - // expected behavior + //nolint:gosec // expected behavior c := exec.Command("docker", "build", "-t", fmt.Sprintf("elastic/%s", cmd.Kebab()), "-f", "-", diff --git a/build/mage/docker/release.go b/build/mage/docker/release.go index c54e3c17..a7345ad7 100644 --- a/build/mage/docker/release.go +++ b/build/mage/docker/release.go @@ -136,7 +136,7 @@ func Release(cmd *artifact.Command) func() error { } // Prepare command - // expected behavior + //nolint:gosec // expected behavior c := exec.Command("docker", "build", "-t", fmt.Sprintf("elastic/%s:artifacts-%s", cmd.Kebab(), relVer.String()), "-f", "-", diff --git a/build/mage/docker/tools.go b/build/mage/docker/tools.go index e1504d87..5afa3bfe 100644 --- a/build/mage/docker/tools.go +++ b/build/mage/docker/tools.go @@ -120,7 +120,7 @@ func Tools() error { } // Prepare command - // expected behavior + //nolint:gosec // expected behavior c := exec.Command("docker", "build", "-t", "elastic/harp-tools", "-f", "-", diff --git a/build/mage/golang/init.go b/build/mage/golang/init.go index 46507b7e..ff69bf70 100644 --- a/build/mage/golang/init.go +++ b/build/mage/golang/init.go @@ -27,8 +27,8 @@ import ( // Keep only last 2 versions var goVersions = []string{ - "~1.17.2", - "~1.16.9", + "~1.17.3", + "~1.16.10", } func init() { diff --git a/build/mage/golang/source.go b/build/mage/golang/source.go index 73f1a819..1f637db1 100644 --- a/build/mage/golang/source.go +++ b/build/mage/golang/source.go @@ -30,7 +30,7 @@ import ( var PathSeparatorString = string(os.PathSeparator) // AllPackagesPath denotes all Go packages in a project. -var AllPackagesPath = strings.Join([]string{".", "..."}, PathSeparatorString) +var AllPackagesPath = "." + PathSeparatorString + "..." // AllCommandsPath denotes all Go application packages in this project. var AllCommandsPath = strings.Join([]string{".", "cmd", "..."}, PathSeparatorString) diff --git a/cmd/harp/internal/cmd/plugin_list.go b/cmd/harp/internal/cmd/plugin_list.go index e01f8aab..a04a9757 100644 --- a/cmd/harp/internal/cmd/plugin_list.go +++ b/cmd/harp/internal/cmd/plugin_list.go @@ -21,7 +21,6 @@ import ( "bytes" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -102,7 +101,7 @@ func (o *pluginListOptions) Run(cmd *cobra.Command) error { } // Crawl each directory to identify readable ones - files, err := ioutil.ReadDir(dir) + files, err := os.ReadDir(dir) if err != nil { var pathErr *os.PathError if errors.As(err, &pathErr) { diff --git a/cmd/harp/internal/cmd/template.go b/cmd/harp/internal/cmd/template.go index ab3df750..469283f6 100644 --- a/cmd/harp/internal/cmd/template.go +++ b/cmd/harp/internal/cmd/template.go @@ -20,7 +20,6 @@ package cmd import ( "fmt" "io" - "io/ioutil" "github.com/hashicorp/vault/api" "github.com/spf13/afero" @@ -113,7 +112,7 @@ func runTemplate(cmd *cobra.Command, args []string) { } // Drain reader - body, err := ioutil.ReadAll(reader) + body, err := io.ReadAll(reader) if err != nil { log.For(ctx).Fatal("unable to drain input template reader", zap.Error(err), zap.String("path", templateInputPath)) } diff --git a/cmd/harp/internal/cmd/transform_encryption.go b/cmd/harp/internal/cmd/transform_encryption.go index 174857ec..f8e2a243 100644 --- a/cmd/harp/internal/cmd/transform_encryption.go +++ b/cmd/harp/internal/cmd/transform_encryption.go @@ -18,7 +18,7 @@ package cmd import ( - "io/ioutil" + "io" "github.com/spf13/cobra" "go.uber.org/zap" @@ -69,7 +69,7 @@ var transformEncryptionCmd = func() *cobra.Command { } // Drain reader - content, err := ioutil.ReadAll(reader) + content, err := io.ReadAll(reader) if err != nil { log.For(ctx).Fatal("unable to drain input reader", zap.Error(err)) } diff --git a/pkg/bundle/codec.go b/pkg/bundle/codec.go index ef131bc5..c0c22c65 100644 --- a/pkg/bundle/codec.go +++ b/pkg/bundle/codec.go @@ -22,7 +22,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "sort" "strings" @@ -117,7 +116,7 @@ func Load(r io.Reader) (*bundlev1.Bundle, error) { return nil, fmt.Errorf("unable to process nil reader") } - decoded, err := ioutil.ReadAll(r) + decoded, err := io.ReadAll(r) if err != nil { return nil, fmt.Errorf("unable to decompress bundle content") } @@ -390,7 +389,7 @@ func FromDump(r io.Reader) (*bundlev1.Bundle, error) { } // Drain input content - content, err := ioutil.ReadAll(r) + content, err := io.ReadAll(r) if err != nil { return nil, fmt.Errorf("unable to read input content: %w", err) } diff --git a/pkg/bundle/patch/reader.go b/pkg/bundle/patch/reader.go index 7c2a319e..20aa58fe 100644 --- a/pkg/bundle/patch/reader.go +++ b/pkg/bundle/patch/reader.go @@ -20,7 +20,6 @@ package patch import ( "fmt" "io" - "io/ioutil" "google.golang.org/protobuf/encoding/protojson" @@ -43,7 +42,7 @@ func YAML(r io.Reader) (*bundlev1.Patch, error) { } // Drain reader - jsonData, err := ioutil.ReadAll(jsonReader) + jsonData, err := io.ReadAll(jsonReader) if err != nil { return nil, fmt.Errorf("unbale to drain all json reader content: %w", err) } diff --git a/pkg/bundle/ruleset/bundle.go b/pkg/bundle/ruleset/bundle.go index de43ba17..4b2f26a2 100644 --- a/pkg/bundle/ruleset/bundle.go +++ b/pkg/bundle/ruleset/bundle.go @@ -75,7 +75,7 @@ func FromBundle(b *bundlev1.Bundle) (*bundlev1.RuleSet, error) { // Process each secret for _, s := range p.Secrets.Data { - r.Constraints = append(r.Constraints, fmt.Sprintf(`p.has_secret("%s")`, s.Key)) + r.Constraints = append(r.Constraints, fmt.Sprintf(`p.has_secret(%q)`, s.Key)) } // Add the rules diff --git a/pkg/bundle/ruleset/linter/reader.go b/pkg/bundle/ruleset/linter/reader.go index e7e98894..d5825579 100644 --- a/pkg/bundle/ruleset/linter/reader.go +++ b/pkg/bundle/ruleset/linter/reader.go @@ -20,7 +20,6 @@ package linter import ( "fmt" "io" - "io/ioutil" "google.golang.org/protobuf/encoding/protojson" @@ -43,7 +42,7 @@ func YAML(r io.Reader) (*bundlev1.RuleSet, error) { } // Drain reader - jsonData, err := ioutil.ReadAll(jsonReader) + jsonData, err := io.ReadAll(jsonReader) if err != nil { return nil, fmt.Errorf("unbale to drain all json reader content: %w", err) } diff --git a/pkg/bundle/template/reader.go b/pkg/bundle/template/reader.go index a5bd314a..58848cf6 100644 --- a/pkg/bundle/template/reader.go +++ b/pkg/bundle/template/reader.go @@ -20,7 +20,6 @@ package template import ( "fmt" "io" - "io/ioutil" "google.golang.org/protobuf/encoding/protojson" @@ -43,7 +42,7 @@ func YAML(r io.Reader) (*bundlev1.Template, error) { } // Drain reader - jsonData, err := ioutil.ReadAll(jsonReader) + jsonData, err := io.ReadAll(jsonReader) if err != nil { return nil, fmt.Errorf("unbale to drain all json reader content: %w", err) } diff --git a/pkg/bundle/vfs/fs_test.go b/pkg/bundle/vfs/fs_test.go index bab91188..4ea0b340 100644 --- a/pkg/bundle/vfs/fs_test.go +++ b/pkg/bundle/vfs/fs_test.go @@ -18,7 +18,7 @@ package vfs import ( - "io/ioutil" + "io" "testing" "github.com/davecgh/go-spew/spew" @@ -67,7 +67,7 @@ func TestBundle_FS_Initialization(t *testing.T) { return } - payload, err := ioutil.ReadAll(f) + payload, err := io.ReadAll(f) if err != nil { t.Errorf("unable to read file from filesystem : %v", err) return diff --git a/pkg/container/codec.go b/pkg/container/codec.go index 1de28b7a..912ac335 100644 --- a/pkg/container/codec.go +++ b/pkg/container/codec.go @@ -24,7 +24,6 @@ import ( "encoding/binary" "fmt" "io" - "io/ioutil" "github.com/awnumar/memguard" "golang.org/x/crypto/blake2b" @@ -75,7 +74,7 @@ func Load(r io.Reader) (*containerv1.Container, error) { } // Drain input reader - decoded, err := ioutil.ReadAll(r) + decoded, err := io.ReadAll(r) if err != nil { return nil, fmt.Errorf("unable to container content") } diff --git a/pkg/kv/api.go b/pkg/kv/api.go index ac47c274..5dfb97d1 100644 --- a/pkg/kv/api.go +++ b/pkg/kv/api.go @@ -21,10 +21,8 @@ import ( "errors" ) -var ( - // ErrKeyNotFound is raised when the given key could not be found in the store. - ErrKeyNotFound = errors.New("key not found") -) +// ErrKeyNotFound is raised when the given key could not be found in the store. +var ErrKeyNotFound = errors.New("key not found") // Store describes the key/value store contract. type Store interface { diff --git a/pkg/sdk/cmdutil/bug.go b/pkg/sdk/cmdutil/bug.go index 4ea965a9..364dbc86 100644 --- a/pkg/sdk/cmdutil/bug.go +++ b/pkg/sdk/cmdutil/bug.go @@ -21,7 +21,6 @@ import ( "bytes" "fmt" "io" - "io/ioutil" "os" "path/filepath" "regexp" @@ -98,7 +97,7 @@ func printOSDetails(w io.Writer) { case "illumos", "solaris": // Be sure to use the OS-supplied uname, in "/usr/bin": printCmdOut(w, "uname -srv: ", "/usr/bin/uname", "-srv") - out, err := ioutil.ReadFile("/etc/release") + out, err := os.ReadFile("/etc/release") if err == nil { fmt.Fprintf(w, "/etc/release: %s\n", out) } @@ -157,7 +156,7 @@ func printGlibcVersion(w io.Writer) { src := []byte(`int main() {}`) srcfile := filepath.Join(tempdir, "go-bug.c") outfile := filepath.Join(tempdir, "go-bug") - err := ioutil.WriteFile(srcfile, src, 0o600) + err := os.WriteFile(srcfile, src, 0o600) if err != nil { return } @@ -178,7 +177,8 @@ func printGlibcVersion(w io.Writer) { if m == nil { return } - cmd = exec.Command(m[1]) // controlled input + //nolint:gosec // controlled input + cmd = exec.Command(m[1]) out, err = cmd.Output() if err != nil { return diff --git a/pkg/sdk/cmdutil/plugin.go b/pkg/sdk/cmdutil/plugin.go index 8ad8fa6d..c22525ba 100644 --- a/pkg/sdk/cmdutil/plugin.go +++ b/pkg/sdk/cmdutil/plugin.go @@ -91,6 +91,7 @@ func (h *DefaultPluginHandler) Execute(executablePath string, cmdArgs, environme // invoke cmd binary relaying the environment and args given // append executablePath to cmdArgs, as execve will make first argument the "binary name". + //nolint:gosec // controlled input return syscall.Exec(executablePath, append([]string{executablePath}, cmdArgs...), environment) } diff --git a/pkg/sdk/convert/yaml.go b/pkg/sdk/convert/yaml.go index f12a59b0..d41e8438 100644 --- a/pkg/sdk/convert/yaml.go +++ b/pkg/sdk/convert/yaml.go @@ -23,7 +23,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "reflect" "sigs.k8s.io/yaml" @@ -62,7 +61,7 @@ func loadFromYAML(r io.Reader) (io.Reader, error) { } // Drain input reader - in, err := ioutil.ReadAll(r) + in, err := io.ReadAll(r) if err != nil && !errors.Is(err, io.EOF) { return nil, fmt.Errorf("unable to drain input reader: %w", err) } diff --git a/pkg/sdk/security/crypto/encoder.go b/pkg/sdk/security/crypto/encoder.go index 2651405b..7b211202 100644 --- a/pkg/sdk/security/crypto/encoder.go +++ b/pkg/sdk/security/crypto/encoder.go @@ -30,6 +30,7 @@ import ( "fmt" "go.step.sm/crypto/pemutil" + // Import Blake2b _ "golang.org/x/crypto/blake2b" "golang.org/x/crypto/ssh" diff --git a/pkg/sdk/tlsconfig/config.go b/pkg/sdk/tlsconfig/config.go index a38a8cb2..62275479 100644 --- a/pkg/sdk/tlsconfig/config.go +++ b/pkg/sdk/tlsconfig/config.go @@ -27,7 +27,6 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "io/ioutil" "os" "github.com/pkg/errors" @@ -117,7 +116,7 @@ func certPool(caFile string, exclusivePool bool) (*x509.CertPool, error) { return nil, fmt.Errorf("failed to read system certificates: %w", err) } } - content, err := ioutil.ReadFile(caFile) + content, err := os.ReadFile(caFile) if err != nil { return nil, fmt.Errorf("could not read CA certificate %q: %w", caFile, err) } @@ -187,12 +186,12 @@ func getCert(options *Options) ([]tls.Certificate, error) { errMessage := "Could not load X509 key pair" - cert, err := ioutil.ReadFile(options.CertFile) + cert, err := os.ReadFile(options.CertFile) if err != nil { return nil, errors.Wrap(err, errMessage) } - prKeyBytes, err := ioutil.ReadFile(options.KeyFile) + prKeyBytes, err := os.ReadFile(options.KeyFile) if err != nil { return nil, errors.Wrap(err, errMessage) } diff --git a/pkg/template/cmdutil/values.go b/pkg/template/cmdutil/values.go index c30058f6..d955aa17 100644 --- a/pkg/template/cmdutil/values.go +++ b/pkg/template/cmdutil/values.go @@ -21,7 +21,7 @@ import ( "bytes" "encoding/json" "fmt" - "io/ioutil" + "io" "os" "path" "path/filepath" @@ -85,7 +85,7 @@ func (opts *ValueOptions) MergeValues() (map[string]interface{}, error) { // User specified a value via --set-file for _, value := range opts.FileValues { reader := func(rs []rune) (interface{}, error) { - bytes, err := ioutil.ReadFile(string(rs)) + bytes, err := os.ReadFile(string(rs)) return string(bytes), err } if err := strvals.ParseIntoFile(value, base, reader); err != nil { @@ -160,7 +160,7 @@ func processFilePath(currentDirectory, filePath string, result interface{}) erro // Drain reader var contentBytes []byte - contentBytes, err = ioutil.ReadAll(reader) + contentBytes, err = io.ReadAll(reader) if err != nil { return fmt.Errorf("unable to drain all reader content from '%s': %w", filePath, err) } diff --git a/pkg/template/engine/values.go b/pkg/template/engine/values.go index e49a3ad5..effbe84f 100644 --- a/pkg/template/engine/values.go +++ b/pkg/template/engine/values.go @@ -21,7 +21,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "strings" "sigs.k8s.io/yaml" @@ -33,7 +32,7 @@ import ( // ReadValues will parse YAML byte data into a Values. func ReadValues(r io.Reader) (vals Values, err error) { // Drain reader - data, err := ioutil.ReadAll(r) + data, err := io.ReadAll(r) if err != nil { return map[string]interface{}{}, err } diff --git a/pkg/template/values/hocon/hocon.go b/pkg/template/values/hocon/hocon.go index b52e9840..1cd8b016 100644 --- a/pkg/template/values/hocon/hocon.go +++ b/pkg/template/values/hocon/hocon.go @@ -21,7 +21,7 @@ import ( "bytes" "encoding/json" "fmt" - "io/ioutil" + "os" "path/filepath" "github.com/go-akka/configuration" @@ -105,7 +105,7 @@ func hoconIncludeCallback(filename string) *hocon.HoconRoot { default: root := hocon.Parse("", nil) for _, f := range files { - data, err := ioutil.ReadFile(f) + data, err := os.ReadFile(f) if err != nil { log.Bg().Error("hocon: unable to load file glob", zap.Error(err)) return nil diff --git a/test/cmd/suite_test.go b/test/cmd/suite_test.go index 4dbf8e18..e3ab1eaa 100644 --- a/test/cmd/suite_test.go +++ b/test/cmd/suite_test.go @@ -101,7 +101,7 @@ func copyIn(sourcePath, destinationPath string, recursive bool) { err := os.MkdirAll(destinationPath, 0o777) Expect(err).NotTo(HaveOccurred()) - files, err := ioutil.ReadDir(sourcePath) + files, err := os.ReadDir(sourcePath) Expect(err).NotTo(HaveOccurred()) for _, f := range files { srcPath := filepath.Join(sourcePath, f.Name()) @@ -128,9 +128,9 @@ func copyIn(sourcePath, destinationPath string, recursive bool) { } func sameFile(filePath, otherFilePath string) bool { - content, readErr := ioutil.ReadFile(filePath) + content, readErr := os.ReadFile(filePath) Expect(readErr).NotTo(HaveOccurred()) - otherContent, readErr := ioutil.ReadFile(otherFilePath) + otherContent, readErr := os.ReadFile(otherFilePath) Expect(readErr).NotTo(HaveOccurred()) Expect(string(content)).To(Equal(string(otherContent))) return true diff --git a/tools/go.mod b/tools/go.mod index 7f48fc34..5caafb41 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -12,7 +12,7 @@ require ( github.com/fatih/color v1.13.0 github.com/frapposelli/wwhrd v0.4.0 github.com/golang/mock v1.6.0 - github.com/golangci/golangci-lint v1.42.1 + github.com/golangci/golangci-lint v1.43.0 github.com/google/wire v0.5.0 github.com/izumin5210/gex v0.6.1 github.com/magefile/mage v1.11.0